313189-F Rev 00
May 2006
Getting Started
Ethernet Routing Switch 8600 Software
Release 4.1
Trademarks
Nortel, Nortel Networks, the Nortel logo, and the Globemark are trademarks of Nortel.
Adobe and Acrobat Reader are trademarks of Adobe Systems Incorporated.
Microsoft, Windows, and Windows NT are trademarks of Microsoft Corporation.
UNIX is a trademark of X/Open Company Limited.
The asterisk after a name denotes a trademarked item.
Statement of conditions
In the interest of improving internal design, operational function, and/or reliability, Nortel reserves the right to make
changes to the products described in this document without notice.
Nortel does not assume any liability that may occur due to the use or application of the product(s) or circuit layout(s)
described herein.
Portions of the code in this software product may be Copyright © 1988, Regents of the University of California. All
rights reserved. Redistribution and use in source and binary forms of such portions are permitted, provided that the above
copyright notice and this paragraph are duplicated in all such forms and that any documentation, advertising materials,
and other materials related to such distribution and use acknowledge that such portions of the software were developed
by the University of California, Berkeley. The name of the University may not be used to endorse or promote products
derived from such portions of the software without specific prior written permission.
SUCH PORTIONS OF THE SOFTWARE ARE PROVIDED “AS IS” AND WITHOUT ANY EXPRESS OR IMPLIED
WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
In addition, the program and information contained herein are licensed only pursuant to a license agreement that contains
restrictions on use and disclosure (that may incorporate by reference certain limitations and notices imposed by third
parties).
license in accordance with U.S. Federal Regulations at 48 C.F.R. Sections 12.212 (for non-DoD entities) and
48 C.F.R. 227.7202 (for DoD entities).
b. Customer may terminate the license at any time. Nortel may terminate the license if Customer fails to comply
with the terms and conditions of this license. In either event, upon termination, Customer must either return
the Software to Nortel or certify its destruction.
c. Customer is responsible for payment of any taxes, including personal property taxes, resulting from
Customer’s use of the Software. Customer agrees to comply with all applicable laws including all applicable
export and import laws and regulations.
d. Neither party may bring an action, regardless of form, more than two years after the cause of the action arose.
e. The terms and conditions of this License Agreement form the complete and exclusive agreement between
Customer and Nortel.
f. This License Agreement is governed by the laws of the country in which Customer acquires the Software. If
the Software is acquired in the United States, then this License Agreement is governed by the laws of the state
of New York.
Contents
Chapter 1
Using Ethernet Routing Switch documentation
Reliability/Resiliency
IP Services
Security
Serviceability/Manageability
Accessing Ethernet Routing Switch documents
Using Ethernet Routing Switch documents during installation
Preparing for initial configuration
Installing the Ethernet Routing Switch software and hardware
Configuring the firewall iSDs
Installing CheckPoint Management Server
Chapter 2
Setting up the switch
Connecting a terminal
Connecting a modem
Password encryption
Resetting and modifying passwords
Boot monitor CLI
Run time CLI
Logging on to the system
hsecure bootconfig flag
Modifying the CLI login and passwords
Enabling or disabling CLI access levels
Configuring the switch with the Setup Utility
Running the Setup Utility
Configuration example: setup utility
Rebooting or resetting the switch
Cold boot/warm boot trap messages
Setting system identification
Managing files
Displaying a directory
Copying files
Configuration examples
Saving the configuration to a file
Getting Help
Pinging a device
Setting and displaying the date
Accessing the standby CPU
Exiting and re-entering the CLI
Chapter 3
Setting up the switch for remote management
Disabling a service
Monitoring the switch using Web management
Managing the switch using Device Manager
Chapter 4
Providing switch reliability
This chapter explains how to get help for Nortel products and services.
www.nortel.com/support
This site provides quick access to software, documentation, bulletins, and tools to
address issues with Nortel products. From this site you can:
Outside North America, go to the following Web site to obtain the phone number
for your region:
www.nortel.com/callus
www.nortel.com/erc
Preface
This guide provides procedures for setting up and starting the Ethernet Routing
Switch.
Nortel’s Ethernet Routing Switch 8600 modules deliver a reliable, secure and
intelligent network routing solution for converged applications. Hardware-based
wire speed performance combined with Quality of Service (QoS) mechanisms
enable fast and efficient traffic classification, policy enforcement and filtering.
This combination benefits time-sensitive applications such as video and voice
with better application response times and fewer dropped calls. The Ethernet
Routing Switch 8600 modules deliver a unique solution by combining
performance, intelligence and five nines reliability in one solution.
Text conventions
This guide uses the following text conventions:
angle brackets (< >): Indicate that you choose the text to enter based on the description inside the brackets. Do not type the brackets when entering the command.
Example: If the command syntax is ping <ip_address>, you enter ping 192.32.10.12
bold Courier text: Indicates command names and options and text that you need to enter.
Example: Use the dinfo command.
Example: Enter show ip {alerts|routes}.
braces ({}): Indicate required elements in syntax descriptions where more than one option is available. You must choose only one of the options. Do not type the braces when entering the command.
Example: If the command syntax is show ip {alerts|routes}, you must enter either show ip alerts or show ip routes, but not both.
brackets ([ ]): Indicate optional elements in syntax descriptions. Do not type the brackets when entering the command.
Example: If the command syntax is show ip interfaces [-alerts], you can enter either show ip interfaces or show ip interfaces -alerts.
ellipsis points (. . . ): Indicate that you repeat the last element of the command as needed.
Example: If the command syntax is ethernet/2/1 [<parameter> <value>]... , you enter ethernet/2/1 and as many parameter-value pairs as needed.
Acronyms
This guide uses the following acronyms:
Chapter 1
Using Ethernet Routing Switch documentation
Ethernet Routing Switch 8600 Software Release 4.1 offers the following features:
Reliability/Resiliency
• Sub 100 ms convergence
• Layer 3 High Availability (HA) Phase 2
• Resilient Switch Clustering - L3 support
• Resilient Switch Clustering - Multicast support
• Multicast (Mcast) over Protocol Independent Multicast-Sparse Mode
(PIM-SM)
• Simple Loop Prevention Protocol (SLPP)
• 802.1w/802.1s—Rapid Spanning Tree Protocol (RSTP- 802.1w) and Multiple
Spanning Tree Protocol (MSTP)/Multiple Spanning Tree Group (802.1s)
• 802.3ad/Split MultiLink Trunking (SMLT) interop/VLACP
• MultiLink Trunking (MLT) scaling
• Per VLAN Spanning Tree (PVST+) (Cisco Compatibility)
IP Services
• Internet Protocol version 6 (IPv6)
Security
• Service Delivery Module Firewall (SDM-FW)
• Service Delivery Module Threat Protection System (SDM-TPS)
• Reverse Path Checking
• 802.1X Extensible Authentication Protocol (EAP)
• Extended Authentication Protocol (802.1x) with User Based Policy support
(EPM)
• CLI Logging
• Advanced Encryption Standard (AES) support for SNMPv3
Serviceability/Manageability
• Internet Protocol Flow Information eXport (IPFIX)
• Lite Domain Name Service (DNS) Client
• Ping Trace Routes and Management Information Base (MIB)
• Remote Mirroring
This chapter describes the documents that you use to install and configure the
Ethernet Routing Switch 8600 and firewall modules. A description of the
installation process is provided, listing which documents to reference during the
installation and configuration of your Ethernet Routing Switch 8600 system. This
section includes the following topics:
Before continuing with the installation process, read the following documents that
provide more information about the Ethernet Routing Switch 8600 functionality.
You are now ready to plan the network configuration, and install the hardware and
software related to the Ethernet Routing Switch.
1 Check that the installed version of Ethernet Routing Switch 8600 software is
release 4.1 or later. Refer to Upgrading to Ethernet Routing Switch 8600
Switch Series Software Release 4.1 (316674-C) if you need to upgrade the
existing software release.
Configure the Ethernet Routing Switch 8660 SDM using the CLI or Device
Manager using the following steps. Refer to the Firewall and Intrusion Sensor
User’s Guide (217315-B) for detailed instructions.
Note: The latest iSD software is preinstalled before shipping. This step
is not necessary for a new installation. If you do need to update the iSD
software, refer to Chapter 11 of the Firewall and Intrusion Sensor User’s
Guide (217315-B).
3 Create the Firewall Interface, matching the VLAN IDs to those created in
“Install the Ethernet Routing Switch 8660 Service Delivery Module into the
8600 chassis using the instructions in Installing the 8660 Service Delivery
Module (SDM) (217314-B).” on page 27.
4 Configure the VRRP subaddress and Virtual Router ID (VRID).
5 Configure static routes for the iSD firewalls and SmartCenter server.
6 Add CheckPoint licenses for each iSD.
Chapter 2
Setting up the switch
This chapter describes how to connect a terminal and a modem to the switch, how
to log on to the switch software, how to configure the switch using the Setup
Utility, how to reboot the switch using the command line interface (CLI), and how
to perform basic tasks. This section includes the following topics:
Use the Boot Monitor CLI to configure and manage the boot process. You initiate
a Boot Monitor CLI session only through a direct serial-port connection to the
switch. After the Boot Monitor CLI is active, you can access it only through a
console session. Within the Boot Monitor CLI, you can change the boot
configuration, including boot choices and boot flags.
You access the Run-Time CLI through a direct serial-port connection to the switch
or through a Telnet, SSH (Secure Shell), or remote login (Rlogin) session (if the
flags for Telnet and Rlogin are set to allow remote access). Ethernet Routing
Switch modules support one CLI session at the console serial port or up to eight
Telnet/SSH sessions. You can open a Telnet session from Device Manager by
clicking on the Telnet button on the toolbar or choosing Device > Telnet from the
menu bar.
For more information about the Boot Monitor and Run-Time CLIs, see Managing
Platform Operations (315545-E). For more information about Device Manager,
see Installing and Using Device Manager (316341-D).
You can use any terminal or personal computer (PC) with a terminal emulator as
the CLI console station. For instructions to connect the computer or terminal, see
the next section, “Connecting a terminal” on page 31.
Connecting a terminal
The serial console interface is an RS-232 port that connects to a PC or terminal for
monitoring and configuring the switch. The port is implemented as a DB-9
connector that can operate as either data terminal equipment (DTE) or data
communication equipment (DCE). The default communication protocol settings
for the console port are:
• 9600 baud
• 8 data bits
• 1 stop bit
• No parity
3 Connect the other end of the cable to the terminal or computer serial port.
4 Turn on the terminal.
5 Log on to the CLI (“Resetting and modifying passwords” on page 35).
Connecting a modem
You can access the CLI through a modem connection to the Ethernet Routing
Switch 8690SF, 8691SF, or 8692SF modules. This section describes how to
connect a modem to the modem port on the module.
Switch signal   Switch pin number   Modem DCE DB-9 pin number   Modem DCE DB-25 pin number
RXD             2                   2                           3
TXD             3                   3                           2
DTR             4                   4                           20
GND             5                   5                           7
DSR             6                   6                           6
RTS             7                   7                           4
CTS             8                   8                           5
The modem port is a DTE device operating at 9600 baud, 8 data bits, no parity,
and one stop bit. Because the modem port expects to receive Data Set Ready
(DSR) and Clear To Send (CTS) signals before transmitting, these control lines
are required in the cables. The modem port supports no inbound flow control; that
is, the port does not turn on and turn off control lines to indicate the input buffer is
full.
To connect a modem to an Ethernet Routing Switch you might need to set up the
modem port first using another type of connection to the CLI.
Note: Nortel recommends that you use the default settings for the
Modem port for most modem installations.
To set up the modem port using the Ethernet Routing Switch CLI:
Now you can enter options for this command level without retyping the first
part of the command.
2 Use the following commands to set port parameters based on the requirements
of the modem:
• baud <rate>
where:
rate is the baud rate for the modem. The default is 9600.
• 8databits <true|false>
where:
false sets the number of data bits per byte to 8. This setting is the
default.
true sets the number of data bits per byte to 7.
• mode <ascii|slip|ppp>
where:
ascii is the default setting. This setting is recommended for most
modem connections.
slip sets the port for serial line IP (SLIP) operation.
ppp sets the port for point-to-point protocol (PPP) operation.
3 If you set the port mode to slip, use the following commands to set other
SLIP parameters:
• slip-compression <true|false> to enable or disable Transmission
Control Protocol (TCP)/IP header compression. The default is false.
• slip-rx-compression <true|false> to enable or disable TCP/IP
header compression on the receive packet. The default is false.
4 If you set the port mode to ppp, use the following commands to set other PPP
parameters:
• mtu <bytes> to set the maximum transmission unit for the
point-to-point link. The default is zero (0).
• my-ip <ipaddr> to set the near-end IP address on the point-to-point
link. The default is 0.0.0.0.
• peer-ip <ipaddr> to set the peer IP address on the point-to-point link.
The default is 0.0.0.0.
• pppfile <file> to identify the file to use for PPP initialization
parameters.
5 On the modem, turn off echo mode and return code messaging.
6 Connect the modem to the modem port using a cable with the connector
described in Table 2 on page 32.
Password encryption
In the Ethernet Routing Switch 8600 Software Release 4.1, passwords are stored
in encrypted format and are no longer stored in the configuration file.
You can modify the passwords using the two CLI modes:
To reset all passwords to the factory defaults, enter the following command at
the boot monitor prompt:
reset-passwd
Access level: Read/write
Description: View and change configuration and status information across the switch; does not allow changing security and password settings. Is equivalent to SNMP read-write community access.
Default login: rw
Default password: rw

Access level: Read/write/all
Description: Permits all the rights of Read-Write access and the ability to change security settings, including the CLI and Web-based management user names and passwords and the SNMP community strings.
Default login: rwa
Default password: rwa
The Ethernet Routing Switch supports a flag called High Secure (hsecure), which is
configurable in bootconfig mode. This flag introduces the following behaviors for
passwords: 10-character enforcement, aging time, limitation of failed login
attempts, and a protection mechanism to filter certain IP addresses.
When the hsecure flag is enabled, the software enforces the 10-character rule for
all passwords. When you upgrade from a previous release, if the password does
not have at least 10 characters, you are prompted to change your password to the
mandatory character length. This password must contain a minimum of two
uppercase characters, two lowercase characters, two numbers, and two special
characters.
A warning message appears, prompting you to reboot the switch for the change to
take effect:
Warning: Please save boot configuration and reboot the switch for
this to take effect.
After you enable hsecure and reboot the switch, any user with an invalid-length
password is prompted to change their password:
Login: rwa
Password: ***
Your password is valid but less than mandatory 10 characters.
Please change the password to continue.
Enter the New password : **********
Re-enter the New password : **********
Password changed successfully
If the switch boots in hsecure mode with factory default settings and no password
previously configured, the default passwords are changed to respect this rule.
Table 4 describes the new default passwords.
rwa rwarwarrwar
rw rwrwrwrwrw
ro rororororo
l3 l3l3l3l3l3
l2 l2l2l2l2l2
l1 l1l1l1l1l1
l4admin l4adminl4a
slbadmin slbadminsl
oper operoperop
l4oper l4operl4op
slboper slboperslb
ssladmin ssladminss
ro publiconly
l1 privateonly
l2 privateonly
l3 privateonly
rw privateonly
rwa secretonly
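The hsecure password rule and the default values listed above can be turned into a pre-deployment credential check. The following is an added example, not Nortel code or part of the original guide; it assumes "special characters" means ASCII punctuation, and the login-name check is an extra that the guide's rule does not include.

```python
import string

# hsecure rule as stated in this guide: at least 10 characters, with at least
# two each of uppercase, lowercase, numbers and special characters.
MIN_LENGTH = 10
MIN_PER_CLASS = 2

# Assumption: "special characters" means ASCII punctuation; the guide does not
# say which characters the switch accepts.
CLASSES = {
    "uppercase": string.ascii_uppercase,
    "lowercase": string.ascii_lowercase,
    "numbers": string.digits,
    "special": string.punctuation,
}

# Default values copied from this guide: the rw/rwa defaults of the
# access-level table, the hsecure defaults of Table 4, and the values in the
# list that follows Table 4.
DOCUMENTED_DEFAULTS = frozenset({
    "rw", "rwa",
    "rwarwarrwar", "rwrwrwrwrw", "rororororo",
    "l3l3l3l3l3", "l2l2l2l2l2", "l1l1l1l1l1",
    "l4adminl4a", "slbadminsl", "operoperop",
    "l4operl4op", "slboperslb", "ssladminss",
    "publiconly", "privateonly", "secretonly",
})


def check_hsecure(login, password):
    """Return a list of findings; an empty list means the password passes."""
    findings = []
    if len(password) < MIN_LENGTH:
        findings.append(f"length {len(password)} is below {MIN_LENGTH}")
    for name, alphabet in CLASSES.items():
        count = sum(ch in alphabet for ch in password)
        if count < MIN_PER_CLASS:
            findings.append(f"{name}: {count} of {MIN_PER_CLASS} required")
    if password in DOCUMENTED_DEFAULTS:
        findings.append("documented factory default")
    # Extra check, not part of the guide's rule: the Table 4 defaults are built
    # from the login name, so reject any password that embeds the login.
    if login and login.lower() in password.lower():
        findings.append("contains the login name")
    return findings


def audit(credentials):
    """Map each login to its findings, keeping only the logins that fail."""
    report = {}
    for login, password in credentials:
        findings = check_hsecure(login, password)
        if findings:
            report[login] = findings
    return report


# Constructed sample: two defaults from this guide and one made-up password.
SAMPLE = [
    ("rwa", "rwarwarrwar"),
    ("l3", "l3l3l3l3l3"),
    ("oper", "Tr7!Kq9#mz"),
]

if __name__ == "__main__":
    for login, findings in audit(SAMPLE).items():
        print(f"{login}: " + "; ".join(findings))
```

The Table 4 defaults satisfy the length requirement but none of them meets the two-per-class requirement, so every one of them is reported.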
Aging enforcement
When you enable the hsecure flag, after a certain duration (configurable,
default = 90 days), you are asked to change your password, as described
previously.
The aging parameter is configurable by executing the CLI command shown in the
following display:
Note: For SNMP and FTP, when a password expires, access is denied.
Community strings must be changed to a new string made up of more than
8 characters before accessing the system.
Filtering mechanism
Note: This change is valid for all IP subnets, not only for /24 as
mentioned in the example. Source addresses 192.168.168.0 and
192.168.168.255 are discarded.
A user trying to log on with a disabled access level through any means, for
example, FTP, SCP, SSH, Rlogin or TELNET, is denied access to the switch. The
following error message is displayed when a user tries to log in with an access
level that is blocked:
The message logged to the log file for console/modem port is:
If a user disables an access level, all the running sessions with that access level to
the switch are terminated except FTP sessions.
where:
Note: Only the RWA user can disable any particular access level on the
switch. The RWA access level cannot be disabled on the switch.
These configurations are preserved across reboots.
Device Manager support is available for this feature under Security > Control Path
> CLI.
The Setup Utility helps you configure your switch by asking you a series of
questions. Then it saves the information in the boot and runtime configuration
files. This saved information and these files ensure that your switch reboots in the
desired operating mode. The Setup Utility also displays error and warning
messages to advise you of the ramifications of certain hardware and software
configurations.
This section describes how to use the Setup Utility to configure the boot and
run-time configuration files. For detailed information about the supported
operating modes, see Managing Platform Operations (315545-E).
The Setup Utility prompts you through the configuration process by asking a
series of questions. Answer each question or accept the default by pressing Enter.
Each question shows the default in brackets and the acceptable parameter options
in parentheses. For more information about the individual prompts, see Table 6 on
page 46.
To start and use the Ethernet Routing Switch Setup Utility, enter the following
command:
install
Note: After running the Setup Utility, remember to reboot the switch. See
the following section, “Rebooting or resetting the switch” on page 49 for
instructions.
Figure 1 on page 43, Figure 2 on page 44, and Figure 3 on page 45 show sample
output from the setup utility. In this example, the defaults have been accepted.
ERS-8606:5#
ERS-8606:5# install
################################################################
Welcome to ERS 8000 setup utility. You are about to
configure initial configuration of the switch. Part of the data will
be stored in the file /flash/boot.cfg and part will be stored in
runtime configuration file. Please reboot the switch after initial
configuration
Syncing autoneg
HA-CPU change will be applied at the end of this session only if you choose to
save configuration
#################
System Services
#################
#
Do you want to enable FTP [n] (y/n) ? y
Do you want to enable RLOGIN [n] (y/n) ? y
Do you want to enable TELNET [n] (y/n) ? y
Do you want to enable TFTP [n] (y/n) ? y
Do you want to enable WEB server service [n] (y/n) ? y
#
1 - FTP server service (true)->true
2 - RLOGIN server service (false)->true
3 - TELNET server service (true)->true
4 - TFTP server service (true)->true
5 - WEB server service (false)->true
#
#######################
IP Network connectivity
#######################
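The service summary in the sample output above can be reviewed automatically after a setup session. The following is an added example, not Nortel code or part of the original guide; it assumes the value in parentheses is the previous setting and the value after "->" is the setting that will be saved, which the guide does not state.

```python
import re

# One line of the service summary, for example
# "2 - RLOGIN server service (false)->true".
# Assumption: the value in parentheses is the previous setting and the value
# after "->" is the setting that will be saved.
SUMMARY_RE = re.compile(
    r"^\s*\d+\s*-\s*(?P<name>[A-Z]+) server service "
    r"\((?P<old>true|false)\)->(?P<new>true|false)\s*$"
)

# Protocols that carry logins or files without encryption.
CLEARTEXT = {"FTP", "RLOGIN", "TELNET", "TFTP"}

# Summary lines copied from the sample setup utility output in this guide.
SAMPLE_OUTPUT = """\
#
1 - FTP server service (true)->true
2 - RLOGIN server service (false)->true
3 - TELNET server service (true)->true
4 - TFTP server service (true)->true
5 - WEB server service (false)->true
#
"""


def parse_services(output):
    """Return one dict per summary line; other lines are ignored."""
    services = []
    for line in output.splitlines():
        match = SUMMARY_RE.match(line)
        if match:
            services.append({
                "name": match["name"],
                "old": match["old"] == "true",
                "new": match["new"] == "true",
            })
    return services


def review(output):
    """Return (service, reason) pairs for every service left enabled."""
    findings = []
    for svc in parse_services(output):
        if not svc["new"]:
            continue
        if svc["name"] in CLEARTEXT:
            reason = "cleartext protocol enabled"
        else:
            reason = "enabled; transport security not stated in the guide"
        if not svc["old"]:
            reason += " (newly enabled in this session)"
        findings.append((svc["name"], reason))
    return findings


if __name__ == "__main__":
    for name, reason in review(SAMPLE_OUTPUT):
        print(f"{name}: {reason}")
```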
Prompt: Please provide primary config-file path [/flash/config.cfg]:
Description: Indicates the name of the primary configuration file.
Action: Press Enter to accept the default (/flash/config.cfg), or enter a different file name for the primary configuration file. To store your config file on the PCMCIA card, use /PCMCIA/config.cfg. Specifying the path to the file is optional.

Prompt: Please provide primary image-file path [/flash/p80a4100.img]:
Description: Indicates the name of the primary image file.
Action: Press Enter to accept the default (p80a4100.img), or enter a different file name for the primary image file. Specifying the path to the file is optional. If your runtime image resides on your PCMCIA card, you must specify the /PCMCIA/ filename.

Prompt: Please add system prompt [ERS-8606]:
Description: Specifies the text for the prompt.
Action: Press Enter to accept the default (ERS-8610), or enter a different string of up to 20 characters.

Prompt: Please select CPU Master slot (5/6) [5]:
Description: Indicates the slot number of the master central processing unit (CPU).
Action: Press Enter to accept the default (5), or specify 6 for the master CPU slot.

Prompt: Master CPU mgmt port: autonegotiation [n] (y/n)?
Description: Specifies whether you want the master CPU to use autonegotiation.
Action: Enter n to accept the default, or enter y to indicate that you want the master CPU management port to use autonegotiation.

Prompt: speed (10/100) [10]:
Description: Specifies the line speed in Mbps.
Action: Press Enter to accept the default (10 Mbps), or specify 100 Mbps.

Prompt: Do you want to enable automatic savetostandby mode [n] (y/n)?
Description: Specifies whether you want the boot and run-time configuration files to be saved on the backup CPU.
Action: Enter y if you want the boot and runtime configuration files to be saved on the backup CPU. Accept the default (n), if you want the boot and runtime configuration files to be saved on the primary CPU.
Prompt: Do you want to enable m-mode support [n] (y/n)?
Description: Specifies whether you want the chassis to run in 128 K mode. To run in 128 K mode, the CPU module must be an 8691 or higher and the switch must have at least one 8600 module (128 K module).
Note: If you enable m-mode support and you have a mixed configuration of modules, the E-modules and legacy modules are disabled.
Action: Enter y if you want the chassis to run in 128 K M mode. Accept the default (n), if you want it to run in 32 K mode only.

Prompt: Do you want to enable enhanced operation mode support [n] (y/n)?
Description: Specifies whether you want to enable enhanced operation mode. Enhanced operation mode increases the maximum number of VLANs when using MultiLink Trunking (MLT) (1980) and Split MLT (SMLT) (989). This mode requires 8600 E- or M-modules.
Note: If you enable enhanced operation mode and you have a mixed configuration of modules, the legacy modules (neither E- nor M-modules) are disabled.
Action: Enter y if you want to enable enhanced operation mode. Accept the default (n), if you do not want to enable enhanced operation mode.

Prompt: Do you want to enable CPU High Availability mode [n] (y/n)?
Description: Specifies whether you want to enable CPU high availability (HA) mode. CPU HA mode enables switches with two CPUs to recover quickly from a failure of one of the CPUs. In HA mode, also called hot standby, the two CPUs are synchronized, meaning that the CPUs are compatible and configured in the same mode.
Action: Specify y if you want to enable CPU high availability (HA) mode. Accept the default (n), if you do not want to enable CPU HA mode.

Prompt: Do you want to enable vlan-optimization-mode support [n] (y/n) ?
Description: Specifies whether you want to enable support for the VLAN optimization mode.
Action: Specify y if you want to enable vlan-optimization-mode support. Accept the default (n) if you do not want to enable vlan-optimization-mode support.

Prompt: Do you want to enable r-mode support [n] (y/n) ?
Description: Specifies whether you want to enable r-mode support.
Action: Specify y if you want to enable r-mode support. Accept the default (n) if you do not want to enable r-mode support.

Prompt: Do you want to enable FTP [n] (y/n)?
Description: Specifies whether you want users to access the switch using File Transfer Protocol (FTP).
Action: Enter y if you want to enable FTP for remote users. Accept the default (n), if you do not want to enable FTP.
Prompt: Do you want to enable RLOGIN [n] (y/n)?
Description: Specifies whether you want users to access the switch using Rlogin.
Action: Enter y if you want to enable Rlogin for remote users. Accept the default (n), if you do not want to enable Rlogin.

Prompt: Do you want to enable TELNET [n] (y/n)?
Description: Specifies whether you want users to access the switch using Telnet.
Action: Enter y if you want to enable Telnet. Accept the default (n), if you do not want to enable Telnet.

Prompt: Do you want to enable TFTP [n] (y/n)?
Description: Specifies whether you want users to access the switch using Trivial FTP (TFTP).
Action: Enter y if you want to enable TFTP. Accept the default (n), if you do not want to enable TFTP.

Prompt: Do you want to enable WEB server service [n] (y/n)?
Description: Specifies whether you want to enable Web server service. The Web server service allows you to monitor statistics for the switch using your Web browser.
Action: Enter y if you want to enable Web server service. Accept the default (n), if you do not want to enable Web server service.

Prompt: IP Address for mgmt port in first CPU Slot [192.168.168.168/255.255.2.55.0]:
Description: Indicates the IP address for the management port in the specified CPU slot.
Action: Enter the IP address of the management port in the first CPU slot.

Prompt: IP Address for mgmt port in second CPU Slot [192.168.168.169/255.255.255.0]:
Description: Indicates the IP address for the management port in the specified CPU slot.
Action: Enter the IP address of the management port in the second CPU slot.

Prompt: IP Address for mgmt-virtual-ip [0.0.0.0/0.0.0.0]:
Description: Indicates the IP address for the virtual management port.
Action: Enter the IP address of the virtual management port. Accept the default, 0.0.0.0/0.0.0.0, if you do not want to specify an IP address.

Prompt: First net mgmt route [0.0.0.0:0.0.0.0]:
Description: Specifies the IP address of the first network management route (static route from the network management port to a device in the network).
Action: Enter the network and gateway IP address of the first network management route.

Prompt: Second net mgmt route [0.0.0.0:0.0.0.0]:
Description: Specifies the IP address of the second network management route.
Action: Enter the IP address of the second network management route (static route from the network management port to a device in the network).
Prompt: Third net mgmt route [0.0.0.0:0.0.0.0]:
Description: Specifies the IP address of the third network management route.
Action: Enter the IP address of the third network management route (static route from the network management port to a device in the network).

Prompt: Fourth net mgmt route [0.0.0.0:0.0.0.0]:
Description: Specifies the IP address of the fourth network management route.
Action: Enter the IP address of the fourth network management route (static route from the network management port to a device in the network).

Prompt: IP address of the default VLAN [0.0.0.0/0.0.0.0]:
Description: Specifies the IP address of the default Virtual Local Area Network (VLAN).
Action: Enter the IP address of the default VLAN.

Prompt: Do you want to save the changes [Saving the parameters updates the files /flash/boot.cfg and /flash/dvmrp_pol.cfg] (y/n)?
Description: Saves your changes to the boot and run-time configuration files.
Action: Enter y to save the boot and runtime configuration files. Enter n if you do not want to save your changes.
where:
• file is the software image device and file name in the format:
[a.b.c.d:]<file> | /pcmcia/<file> | /flash/<file>. The file name, including the
directory structure, can be up to 1024 characters.
• config <value> is the software configuration device and file name in the
format: [a.b.c.d:]<file> | /pcmcia/<file> | /flash/<file>. The file name,
including the directory structure, can be up to 1024 characters.
To boot the switch using the BootStrap Protocol (BootP), use the following
command:
boot 0.0.0.0
Note: Entering the boot command with no arguments causes the switch
to boot using the current boot choices defined by the choice command
(next).
reset
When you reset the switch, the most recently saved configuration file is used to
reload the system parameters.
When the switch reboots normally, a cold trap is sent within 45 seconds after a
reboot. If a single strand fiber (SSF) switchover occurs, a warm-start management
trap is sent within 45 seconds of a reboot.
where:
prompt is an ASCII string specifying the system name.
2 Specify the name of the contact person for the switch by entering:
config sys set contact <contact>
where:
contact is an ASCII string specifying the name of the person.
where:
location is an ASCII string specifying the system location.
Managing files
The CLI includes file management commands for working with the switch files.
Use these commands for all the basic operations of any file system. The
commands take the general form of command [arguments]. Both the
commands and the arguments can be abbreviated as long as the abbreviation is not
ambiguous. Table 7 summarizes the file system commands.
Command Description
Displaying a directory
To display the contents of the flash and PCMCIA memory, use the following
command:
where:
When you invoke the directory command with no arguments, the contents of
all flash devices appear. When you specify flash or PCMCIA, only
the contents of that device appear.
Note: When you use the dir command, the CLI displays all file names
under the parent directory, rather than under the subdirectory.
Copying files
where:
You can use the copy command to copy a run-time image to flash memory from a
remote TFTP server. The command format for this operation is:
where:
Configuration examples
where:
Getting Help
When you navigate the Boot Monitor and Run-Time CLI, online Help is available
at all levels. From any level of the tree, you can access Help in one of these four
ways:
• Typing help <command> explains what the command does and gives its
syntax (Figure 4).
• Typing the word help at the system prompt provides an explanation of the
available help (Figure 5).
ERS-8606:5# help
Eight forms of help are available in the system.
ERS-8606:5#
• Typing a question mark (?) at the prompt results in a list of all commands in
that command context and the subcontext of that command.
Pinging a device
When you ping a device, an Internet Control Message Protocol (ICMP) packet is
sent from the switch to the target device. If the device receives the packet, it sends
a ping reply. When the switch receives the reply, the switch displays a message
indicating that the specified IP address is alive. If no reply is received, a message
indicates that the address is not responding.
To test the connection between the Ethernet Routing Switch and another network
device, use the following command:
where:
To specify a count for the ping operation, you must also specify a size. For
example:
You can test an IPX network connection by using the following command:
where:
Figure 8 is sample output using the setdate command to set the system date.
To view the current date settings for the switch, use one of the following
commands:
date
or
show date
ERS-8606:5# date
local time: MON OCT 13 18:41:36 2003 UTC
hardware time: MON OCT 13 18:41:36 2003 UTC
ERS-8606:5#
peer <operation>
where:
operation is either Telnet or Rlogin.
Note: Before you attempt to use a telnet session to access the backup
CPU, the telnet daemon must be enabled; otherwise, the action cannot be
completed.
You can use this command to make changes to the standby CPU without
reconnecting to the console port on that module.
Note: You must set an Rlogin access policy on the standby CPU before
you can use the peer command to access it from the master CPU using
Rlogin. To set an access policy on the standby CPU, connect a terminal
to the Console port on the standby CPU. For more information about the
access policy commands, see Configuring and Managing Security
(314724-E).
quit
logout
exit
Chapter 3
Setting up the switch for remote management
This chapter describes how to assign an Internet Protocol (IP) address to the
management port, configure Simple Network Management Protocol (SNMP)
settings, and enable remote management services. This section includes the
following topics:
The master management module replies to all management requests sent to the
virtual IP address, as well as to requests sent to its management port IP address. If
the master management module fails and the backup management module takes
over, the virtual management port IP address continues to provide management
access to the switch.
where:
Note: The standby IP must be in the same subnet as the master IP.
If you use the command line interface (CLI), you cannot set the standby
IP to a different subnet than the master IP, and you receive a warning
message stating this.
If you use Device Manager, you can set the standby IP to a different
subnet than the master IP, and you do not receive a warning message.
where:
ipaddr/mask is the IP address and subnet mask you assign.
Any time you change the boot configuration, you must save the changes to both
the master and the standby management modules.
1 Enter:
save bootconfig standby <boot.cfg>
where:
boot.cfg is the name of the configuration file.
2 Enter:
save config standby <config.cfg>
where:
config.cfg is the name of the configuration file.
To specify a gateway address route from the runtime CLI, use the following
command:
where:
boot.cfg is the name of the configuration file.
Note: If the save-to-standby flag is set to true, and you save a file to the
central processing unit (CPU) flash, the file is also saved to the standby
CPU flash.
The value 11.0.0.0/255.0.0.0 represents the target subnet; the value 10.127.231.1
represents the gateway used to point to the target subnet.
Caution: This command uses the natural mask of the target subnet.
Therefore, using this example, what you implement is the command:
config bootconfig net mgmt route add 13.0.0.0 10.125.2.1
Additionally, this route does not appear in the routing table of the
Ethernet Routing Switch 8600 switch. If any 13.x.x.x networks are
learned or configured for output using the I/O modules, connectivity
issues can result.
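The check below is an added example, not part of the Nortel manual or the switch software. It assumes that "natural mask" means the classful mask (class A /8, class B /16, class C /24), and it shows how a management route typed with a specific mask compares with the route the switch implements, and which data-plane networks then overlap it. The function names and sample networks are constructed for illustration.

```python
import ipaddress

def natural_network(addr):
    """Classful (natural-mask) network that contains addr (assumed meaning)."""
    ip = ipaddress.IPv4Address(str(addr))
    first_octet = int(ip) >> 24
    if first_octet < 128:
        prefix = 8       # class A
    elif first_octet < 192:
        prefix = 16      # class B
    elif first_octet < 224:
        prefix = 24      # class C
    else:
        raise ValueError(f"{ip} is class D/E and has no natural mask")
    return ipaddress.ip_network(f"{ip}/{prefix}", strict=False)

def effective_route(target):
    """Compare the intended route with the one the natural mask yields.

    target is 'network/mask', for example '13.1.2.0/255.255.255.0'.
    Returns (intended, effective, change); change is 'wider',
    'narrower' or 'same' relative to what the operator typed.
    """
    intended = ipaddress.ip_network(target, strict=False)
    effective = natural_network(intended.network_address)
    if effective.prefixlen < intended.prefixlen:
        change = "wider"
    elif effective.prefixlen > intended.prefixlen:
        change = "narrower"
    else:
        change = "same"
    return intended, effective, change

def conflicting_networks(effective, data_plane_networks):
    """Data-plane networks that overlap the effective management route."""
    nets = [ipaddress.ip_network(n, strict=False) for n in data_plane_networks]
    return [str(n) for n in nets if n.overlaps(effective)]

# Constructed sample input (not from the manual).
INTENDED_TARGET = "13.1.2.0/255.255.255.0"
DATA_PLANE = ["13.20.0.0/16", "172.16.5.0/24", "13.1.2.0/24", "10.125.2.0/24"]

if __name__ == "__main__":
    intended, effective, change = effective_route(INTENDED_TARGET)
    print(f"intended {intended}, effective {effective} ({change})")
    for net in conflicting_networks(effective, DATA_PLANE):
        print("overlaps management route:", net)
```

Run it against the networks learned or configured on the I/O modules before adding a management route; any overlap it reports is a candidate for the connectivity issues the caution describes.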
You can use the CLI to set up passwords and community strings for access to all
the management functions of the switch.
For more information about the security features available in the Ethernet Routing
Switch software, see Configuring and Managing Security.
1 While the switch is booting, press any key to interrupt the autoboot process.
2 Enable or disable the access service by using the following command:
flags <access-service> <true|false>
where:
To set up these access services from the Run-Time CLI, use the command:
where:
To save the state of the access services that you set up, use the following
command:
save bootconfig
Enabling Rlogin
When you enable an Rlogin flag using the command config bootconfig
rlogind flag true, you must configure an access policy and specify the name
of the user who can access the switch.
Figure 10 shows sample output for configuring an access policy for Rlogin. The
sample shows the access-policy configuration required for the user “netadmin” to
Rlogin to the switch from 10.0.0.0/255.0.0.0 network. For more information about
configuring access policies, see Configuring and Managing Security (314724-E).
Disabling a service
To disable one of the services on the switch, enter the following command:
Note: When you enable or disable the flags, daemon behavior is changed
immediately. You need to save the boot configuration file and reboot the
system.
For configuration requirements and instructions for installing the help files,
enabling the Web server using Device Manager, and accessing the Web interface,
see Configuring Network Management (314723-E).
For instructions to install and start Device Manager, refer to Installing and Using
Device Manager (316341-D).
Chapter 4
Providing switch reliability
This chapter describes the switch reliability in the Ethernet Routing Switch.
Many high availability features are built in at all levels of the Ethernet Routing
Switch, including the following.
Hardware
• Hot-swappable Input/Output (I/O) modules
• Hot-swappable Service Delivery Modules (SDM)
Caution: All disk drives must be parked before you attempt to hot-swap
an SDM module!
• Passive backplane
• Silicon Switch Fabric redundancy and load-sharing
• Redundant fans and power supply units
Software
• Port-level and slot-level redundancy in the form of Link Aggregation
• Split Link Aggregation
For more information about Link Aggregation, see Configuring VLANs, Spanning
Tree, and Link Aggregation (314725-E).
If the primary SSF/CPU module fails, the backup SSF/CPU assumes the primary
role.
Note: During a CPU failover, do not hot swap I/O modules until the new
CPU becomes the master CPU.
You can configure CPU redundancy to provide either basic availability or high
availability.
In warm standby redundancy mode, if the primary CPU fails, the backup CPU
must initialize all input/output modules and load switch configurations, causing
delays and disrupting operations. In hot standby redundancy mode, both CPUs
maintain synchronized configuration and operational databases, enabling very
quick recovery and high availability.
When you enable HA, both the primary and backup CPUs synchronize their
database structures following initialization. After this complete table
synchronization, only topology changes are exchanged between the primary and
backup CPU.